DoD's DARPA Plans Resilient Cloud to Withstand Cyber-Attacks

On May 26, the Department of Defense will announce details of a new resilient cloud infrastructure that can keep operating even while under cyber-attack.

The research arm of the Department of Defense wants a
cloud computing infrastructure that is resilient enough to keep working even
while it's getting hit by massive denial-of-service attacks.

DARPA (Defense Advanced Research Projects Agency) will
build a cloud-based network that can continue supporting military missions even
while under cyber-attack, DARPA said in an announcement May 17. DARPA will
elaborate on the details behind the MRC (Mission-oriented Resilient Clouds) project
at a Proposer's Day meeting on May 26.

Considering the mission-critical and sensitive nature of the
Defense Department's projects, the department requires a secure cloud
infrastructure that can withstand a cyber-attack without interruption. The
problem lies with the cloud's inability to withstand an attack, DARPA said.

There is a high degree of trust between hosts within a cloud
infrastructure, which allows malware to spread rapidly to other systems within
the environment once it manages to get in. Since the hosts are also integrated
using high-speed connections, attacks can potentially propagate even more
rapidly than in conventional networked systems, according to DARPA.

"Today's hosts, of course, are highly vulnerable, but even if
the hosts within a cloud are reasonably secure, any residual vulnerability in
the hosts will be amplified dramatically," DARPA said.

The MRC program will run
an "ensemble of interconnected hosts acting in concert," DARPA said in the
announcement.

"Loss of individual hosts and tasks within the ensemble is
allowable as long as mission effectiveness is preserved," DARPA said.

The MRC project will include redundant hosts and will be able to
correlate attack information while switching around resources. "The goal is to
provide resilient support to the mission through adaptation," according to the
agency.

The country's military weapons systems and other critical
communications systems are controlled and operated through computers and computer
networks, Peter Pace, a former chairman of the Joint Chiefs of Staff, said at a
conference on cyberspace in April. It is critical that the United States be
able to detect when the network is under attack and to be able to defend it
without compromising the systems that rely on the network, according to Pace.

Department of Defense systems are under continuous attack.
Over 250,000 probes hit DoD networks every hour, Gen. Keith Alexander, the
director of the National Security Agency and commander of the U.S. Cyber Command,
said at a conference last year.

The research project will support the federal government's
"cloud first" policy as announced by Vivek Kundra, United States CIO, back in
December. The policy requires every federal agency to identify three existing
systems that could move to the cloud, and to consider a cloud system when
developing new projects.

"Cloud computing is a rapidly emerging trend within both the
commercial sector and the Department of Defense," DARPA said.

The MRC project would help move the DoD toward more cloud
computing initiatives, according to Dave Mihelcic, the CTO of the Defense
Information Systems Agency, in the announcement.

MRC will be
a companion program to the existing Clean-slate design of Resilient,
Adaptive, Secure Hosts (CRASH) project that aims to limit vulnerabilities in
each host within a cloud infrastructure. MRC will focus on the network's
"amplifying" effect and use it to make the network more resilient, instead of
helping to propagate the attack.